GHSA-r9hx-vwmv-q579

Source
https://github.com/advisories/GHSA-r9hx-vwmv-q579
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-r9hx-vwmv-q579/GHSA-r9hx-vwmv-q579.json
Aliases
Published
2022-12-23T00:30:23Z
Modified
2024-02-22T05:34:07.620875Z
Details

Python Packaging Authority (PyPA)'s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1.

References

Affected packages

PyPI / setuptools

Package

Name
setuptools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
65.5.1

Affected versions

0.*

0.6b1
0.6b2
0.6b3
0.6b4
0.6c1
0.6c2
0.6c3
0.6c4
0.6c5
0.6c6
0.6c7
0.6c8
0.6c9
0.6c10
0.6c11
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.8
0.9
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8

1.*

1.0
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.2
1.3
1.3.1
1.3.2
1.4
1.4.1
1.4.2

2.*

2.0
2.0.1
2.0.2
2.1
2.1.1
2.1.2
2.2

3.*

3.0
3.0.1
3.0.2
3.1
3.2
3.3
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.5
3.5.1
3.5.2
3.6
3.7
3.7.1
3.8
3.8.1

4.*

4.0
4.0.1

5.*

5.0
5.0.1
5.0.2
5.1
5.2
5.3
5.4
5.4.1
5.4.2
5.5
5.5.1
5.6
5.7
5.8

6.*

6.0.1
6.0.2
6.1

7.*

7.0

8.*

8.0
8.0.1
8.0.2
8.0.3
8.0.4
8.1
8.2
8.2.1
8.3

9.*

9.0
9.0.1
9.1

10.*

10.0
10.0.1
10.1
10.2
10.2.1

11.*

11.0
11.1
11.2
11.3
11.3.1

12.*

12.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.1
12.2
12.3
12.4

13.*

13.0
13.0.1
13.0.2

14.*

14.0
14.1
14.1.1
14.2
14.3
14.3.1

15.*

15.0
15.1
15.2

16.*

16.0

17.*

17.0
17.1
17.1.1

18.*

18.0
18.0.1
18.1
18.2
18.3
18.3.1
18.3.2
18.4
18.5
18.6
18.6.1
18.7
18.7.1
18.8
18.8.1

19.*

19.0
19.1
19.1.1
19.2
19.3
19.4
19.4.1
19.5
19.6
19.6.1
19.6.2
19.7

20.*

20.0
20.1
20.1.1
20.2.2
20.3
20.3.1
20.4
20.6.6
20.6.7
20.6.8
20.7.0
20.8.0
20.8.1
20.9.0
20.10.1

21.*

21.0.0
21.1.0
21.2.0
21.2.1
21.2.2

22.*

22.0.0
22.0.1
22.0.2
22.0.4
22.0.5

23.*

23.0.0
23.1.0
23.2.0
23.2.1

24.*

24.0.0
24.0.1
24.0.2
24.0.3
24.1.0
24.1.1
24.2.0
24.2.1
24.3.0
24.3.1

25.*

25.0.0
25.0.1
25.0.2
25.1.0
25.1.1
25.1.2
25.1.3
25.1.4
25.1.5
25.1.6
25.2.0
25.3.0
25.4.0

26.*

26.0.0
26.1.0
26.1.1

27.*

27.0.0
27.1.0
27.1.2
27.2.0
27.3.0
27.3.1

28.*

28.0.0
28.1.0
28.2.0
28.3.0
28.4.0
28.5.0
28.6.0
28.6.1
28.7.0
28.7.1
28.8.0
28.8.1

29.*

29.0.0
29.0.1

30.*

30.0.0
30.1.0
30.2.0
30.2.1
30.3.0
30.4.0

31.*

31.0.0
31.0.1

32.*

32.0.0
32.1.0
32.1.1
32.1.2
32.1.3
32.2.0
32.3.0
32.3.1

33.*

33.1.0
33.1.1

34.*

34.0.0
34.0.1
34.0.2
34.0.3
34.1.0
34.1.1
34.2.0
34.3.0
34.3.1
34.3.2
34.3.3
34.4.0
34.4.1

35.*

35.0.0
35.0.1
35.0.2

36.*

36.0.1
36.1.0
36.1.1
36.2.0
36.2.1
36.2.2
36.2.3
36.2.4
36.2.5
36.2.6
36.2.7
36.3.0
36.4.0
36.5.0
36.6.0
36.6.1
36.7.0
36.7.1
36.7.2
36.8.0

37.*

37.0.0

38.*

38.0.0
38.1.0
38.2.0
38.2.1
38.2.3
38.2.4
38.2.5
38.3.0
38.4.0
38.4.1
38.5.0
38.5.1
38.5.2
38.6.0
38.6.1
38.7.0

39.*

39.0.0
39.0.1
39.1.0
39.2.0

40.*

40.0.0
40.1.0
40.1.1
40.2.0
40.3.0
40.4.0
40.4.1
40.4.2
40.4.3
40.5.0
40.6.0
40.6.1
40.6.2
40.6.3
40.7.0
40.7.1
40.7.2
40.7.3
40.8.0
40.9.0

41.*

41.0.0
41.0.1
41.1.0
41.2.0
41.3.0
41.4.0
41.5.0
41.5.1
41.6.0

42.*

42.0.0
42.0.1
42.0.2

43.*

43.0.0

44.*

44.0.0
44.1.0
44.1.1

45.*

45.0.0
45.1.0
45.2.0
45.3.0

46.*

46.0.0
46.1.0
46.1.1
46.1.2
46.1.3
46.2.0
46.3.0
46.3.1
46.4.0

47.*

47.0.0
47.1.0
47.1.1
47.2.0
47.3.0
47.3.1
47.3.2

48.*

48.0.0

49.*

49.0.0
49.0.1
49.1.0
49.1.1
49.1.2
49.1.3
49.2.0
49.2.1
49.3.0
49.3.1
49.3.2
49.4.0
49.5.0
49.6.0

50.*

50.0.0
50.0.1
50.0.2
50.0.3
50.1.0
50.2.0
50.3.0
50.3.1
50.3.2

51.*

51.0.0
51.1.0
51.1.0.post20201221
51.1.1
51.1.2
51.2.0
51.3.0
51.3.1
51.3.2
51.3.3

52.*

52.0.0

53.*

53.0.0
53.1.0

54.*

54.0.0
54.1.0
54.1.1
54.1.2
54.1.3
54.2.0

56.*

56.0.0
56.1.0
56.2.0

57.*

57.0.0
57.1.0
57.2.0
57.3.0
57.4.0
57.5.0

58.*

58.0.0
58.0.1
58.0.2
58.0.3
58.0.4
58.1.0
58.2.0
58.3.0
58.4.0
58.5.0
58.5.1
58.5.2
58.5.3

59.*

59.0.1
59.1.0
59.1.1
59.2.0
59.3.0
59.4.0
59.5.0
59.6.0
59.7.0
59.8.0

60.*

60.0.0
60.0.1
60.0.2
60.0.3
60.0.4
60.0.5
60.1.0
60.1.1
60.2.0
60.3.0
60.3.1
60.4.0
60.5.0
60.6.0
60.7.0
60.7.1
60.8.0
60.8.1
60.8.2
60.9.0
60.9.1
60.9.2
60.9.3
60.10.0

61.*

61.0.0
61.1.0
61.1.1
61.2.0
61.3.0
61.3.1

62.*

62.0.0
62.1.0
62.2.0
62.3.0
62.3.1
62.3.2
62.3.3
62.3.4
62.4.0
62.5.0
62.6.0

63.*

63.0.0b1
63.0.0
63.1.0
63.2.0
63.3.0
63.4.0
63.4.1
63.4.2
63.4.3

64.*

64.0.0
64.0.1
64.0.2
64.0.3

65.*

65.0.0
65.0.1
65.0.2
65.1.0
65.1.1
65.2.0
65.3.0
65.4.0
65.4.1
65.5.0